Multisig (was: OpenPGP Minutes / Quick Summary)

Werner Koch <wk@gnupg.org> Mon, 21 August 2006 19:22 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GFFMM-0007VK-8W for openpgp-archive@lists.ietf.org; Mon, 21 Aug 2006 15:22:54 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GFFMK-0006bT-Tm for openpgp-archive@lists.ietf.org; Mon, 21 Aug 2006 15:22:54 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7LJ3Oav082122; Mon, 21 Aug 2006 12:03:24 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k7LJ3Onh082121; Mon, 21 Aug 2006 12:03:24 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k7LJ3JtU082085 for <ietf-openpgp@imc.org>; Mon, 21 Aug 2006 12:03:21 -0700 (MST) (envelope-from wk@gnupg.org)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.50 #1 (Debian)) id 1GFFBX-0004yd-NM for <ietf-openpgp@imc.org>; Mon, 21 Aug 2006 21:11:43 +0200
Received: from wk by localhost with local (Exim 4.62 #1 (Debian)) id 1GFEzv-00084L-N3; Mon, 21 Aug 2006 20:59:43 +0200
From: Werner Koch <wk@gnupg.org>
To: derek@ihtfp.com, ietf-openpgp@imc.org
Subject: Multisig (was: OpenPGP Minutes / Quick Summary)
References: <sjmveq2foz6.fsf@cliodev.pgp.com> <20060805213931.GA14257@lavazza.does-not-exist.org> <20060821171452.GG17407@raktajino.does-not-exist.org> <20060821133937.0mvvxpb552ggog80@webmail.mit.edu> <20060821174256.GH17407@raktajino.does-not-exist.org>
Mail-Followup-To: derek@ihtfp.com, ietf-openpgp@imc.org
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Mon, 21 Aug 2006 20:59:43 +0200
In-Reply-To: <20060821174256.GH17407@raktajino.does-not-exist.org> (Thomas Roessler's message of "Mon, 21 Aug 2006 19:42:56 +0200")
Message-ID: <87pset3of4.fsf_-_@wheatstone.g10code.de>
User-Agent: Gnus/5.110006 (No Gnus v0.6)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22

On Mon, 21 Aug 2006 19:42, Thomas Roessler said:

   Users should be aware of the fact that each individual signature can
   be broken out and used to create a valid "multipart/signed" body
   according to the underlying protocol and RFC 1847.

Assuming that parallel signatures are used to give extra security in
case one of the protocols or algorithms has been broken, this indeed a
problem.  

A solution is easy: The protocols and algorithms used to make up the
signatures need to be hashed with the content.  For example by an
extra header line in the first part.  When verifying the signatures an
application can easily detect whether a signature has been removed and
present an appropriate warning (also considering the algorithms deemed
to be broken at the time of verification).

Obviously this requires that either all signatures are created at the
same time or forehand knowledge of the signatures to be added later is
required.


Shalom-Salam,

   Werner